CVE-2023-51644

Опубликовано: 22 нояб. 2024

Источник: nvd

CVSS3: 9.8

CVSS3: 7.3

EPSS Низкий

Описание

The specific flaw exists within the configuration of Struts. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22512.

Ссылки

https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html
Release Notes
https://www.zerodayinitiative.com/advisories/ZDI-24-102/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:alltena:allegra:*:*:*:*:*:*:*:*

Версия до 7.5.1 (исключая)

EPSS

Процентиль: 82%

0.01791

Низкий

9.8 Critical

CVSS3

7.3 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo

Связанные уязвимости

GHSA-qqcr-x579-7pxp

CVSS3: 9.8

github

около 1 года назад

Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Struts. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22512.

EPSS

Процентиль: 82%

0.01791

Низкий

9.8 Critical

CVSS3

7.3 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo